Response to Amendment

This Office Action is in response to a communication made on July 2, 2010.
Claims 7, 10, 14, and 20 are currently amended.
Claims 24-25 are newly added.

Claims 7, 10, 14, 20, and 22-25 are pending in this application. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 7, 10, 20, and 23-24 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Ilnicki (6751677) in view of Subramaniam (6081900).

Regarding claim 7, Ilnicki teaches a method allowing a client application running
on a client machine linked to a client network to establish communication with a server 
application hosted in a server machine linked to a server network in order to exchange 
messages with the server application, said messages passing between the client 
network and the server network through a network layer of a gateway machine (Figure 
3), the method comprising: 

A) receiving a request from the client application to establish communication at a
first security level to a first port on the server machine (Col. 5, lines 21-25);

B) creating a first port on the gateway machine (Col. 5, lines 4-13);

C) creating at least one first created process on the gateway machine (Col. 8, 
lines 46-57); 

D) establishing a first connection from the client application to the first port on the 
gateway machine, the first connection connecting the client machine to the gateway 
machine for the exchange of messages at the first security level (Col. 5, lines 21-25);

E) creating a second port in the gateway machine (Col. 8, lines 46 - 57); 

F) establishing a second connection from the second port of the gateway 
machine to the first port of the server machine, the second connection to be used to 
exchange messages at a second security level which is reduced from the first security 
level (Col. 8, lines 46 - 57); and 

G) rerouting to the second port of the gateway machine messages sent from the 
client network addressed to the first port of the server machine (Col. 8, lines 46 - 57); 

H) routing, to the first port of the gateway machine, messages received by the 
gateway machine that are addressed to the client application on the client machine (Col.
8, lines 46-57). 

Ilnicki does not explicitly indicate the first created process on the gateway
machine handling security processing at the first security level of encryption for said
messages sent and said messages received on the first port of the gateway machine,
thereby removing from the server machine, security processing at the second security
level of encryption for these messages.

Subramaniam teaches a system which redirects requests to a target server to a
gateway/border server which creates a secure encrypted connection from that gateway 
to the client and a second differently secured connection from the gateway to the target 
server (Col. 6, lines 40-45; Col. 7, lines 24-35; Col. 8, lines 13-19; Col. 9, lines 11-17).

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made that Subramaniam's teaching can be incorporated into Ilnicki's
system so that if the network is configured that the gateway gets placed on the edge of
a private network, a secure connection needs only to be maintained as far as the public 
network and the security session information does not need to be continued into the 
more secure private network. 

Regarding claim 10, Ilnicki teaches a method according to claim 7, wherein said
steps D, E, and F are executed automatically by the first created process of the gateway
machine and wherein said first created process generates the second process that
executes said steps G and H (Col. 5, lines 21-25, wherein using different processes for
different operations of the gateway is an obvious variation of any program run on a 
computer). 

Regarding claim 20, Ilnicki teaches a method according to claim 7, further
comprising deleting, by ordering the network layer of the gateway machine, messages
sent from the client network to a port other than the first located in the server machine
regardless of a security level of said message sent to the port (Col. 5, lines 60 - 65,
where if the port is unauthorized to be sent through the gateway, then the messages will
not be allowed to pass through the gateway).

Regarding claim 23, Ilnicki teaches a method as claimed in claim 7, wherein the
rerouting of the messages addressed to the first port of the server application is done in 
a way that is transparent to the client application (Col. 8, lines 46 - 57). 

Regarding claim 24, Ilnicki in combination with Subramaniam teaches the
method according to claim 7, wherein the second security level of encryption provides
for exchange of messages which are unencrypted (See Subramaniam, Col. 9, lines 11-17).

Claims 14 and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Ilnicki in view of Subramaniam, and in further view of Rees (6981265).

Regarding claim 14, Ilnicki teaches a method for allowing a client application to
establish, in a client network, a first connection at a first security level with a first port of 
a server application hosted in a server machine linked to a server network, in order to 
send messages addressed to the server machine, said messages passing from the 
client network to the server network through a network layer of a gateway machine, the 
method comprising: 

generating, in the gateway machine, a processing thread which establishes said 
first connection (Col. 5, lines 21-25);

activating, in the gateway machine, a secure application proxy that performs
security processing at the first security level and that reroutes the messages addressed
to the first port of the server application away from the first connection (Col. 5, lines 21-25); and,

establishing at a second security level, a second connection between a port of 
the server application and the gateway machine, said port being configured to receive at 
least one message at a second security level from the gateway machine via said 
second connection (Col. 8, lines 46 - 57), and

wherein said generating step is performed in response to detection of a request 
from the client application addressed to the first port of the server application to 
establish said first connection; and wherein said second connection is unknown to said 
client application (Col. 8, lines 46 - 57). 

Ilnicki does not explicitly indicate that the gateway server establishes a 
connection with a second port of the server application, rather than a first port or that 
the second security level is lower than the first. 

Rees teaches a system for relaying messages from an external network into an 
internal network through a gateway (Fig. 11) that includes a teaching that messages 
forwarded to port 1 of a port inside the network can be forwarded to a different port 
inside the network by the gateway (Col. 22, line 50 - Col. 23, line 20). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to use Rees' teaching of allowing the gateway to redirect a
communication from a first port to a second to allow communications external to the
target server's network to access ports which only internal users can access.



Application/Control Number: 09/936,286 Page 7 

Art Unit: 2456 

Subramaniam teaches a system which redirects requests to a target server to a 
gateway/border server which creates a secure encrypted connection from that gateway 
to the client and a second differently secured connection from the gateway to the target 
server (Col. 6, lines 40-45; Col. 7, lines 24-35; Col. 8, lines 13-19; Col. 9, lines 11-17).

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made that Subramaniam's teaching can be incorporated into Ilnicki's
system so that if the network is configured that the gateway gets placed on the edge of
a private network, a secure connection needs only to be maintained as far as the public 
network and the security session information does not need to be continued into the 
more secure private network. 

Regarding claim 22, Ilnicki teaches a method as claimed in claim 14, wherein
the rerouting of the messages addressed to the first port of the server application is 
done in a way that is transparent to the client application (Col. 8, lines 46 - 57). 

Claim 25 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ilnicki in view of Subramaniam, and in further view of Shimbo (6092191).

Regarding claim 25, Ilnicki in combination with Subramaniam teaches the method
according to claim 7, but does not explicitly indicate wherein the second security level of 
encryption is at a greater security level than a security level of no encryption. 

Shimbo teaches a system with security gateways which intercept and redirect 
network traffic which includes the concept that each destination and each host can have
different levels of encryption designed to them, and the security gateway provides
encryption services to allow those encryption services to be reached (Col. 33, lines 20 - 
Col. 34, line 2). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to use Shimbo's teaching of encryption levels based on nodes in 
the network and using a gateway to alter the encryption level of information to allow 
client and servers in Ilnicki's system to operate at different encryption levels without
having to negotiate those levels, including cases where the server receives information 
at a lower security level than the client is providing the information. 



Response to Arguments 

Applicant's arguments filed February 14, 2011 have been fully considered but
they are not persuasive. 

The applicant argues that the grounds of rejection mailed August 13, 2010 were 
not sufficiently clear. The examiner disagrees. While there may have been typos in 
regards to the header section of the grounds of rejection, the written rejections were 
written to provide a prima facie case for the prior art rejections. Claim 24 was fully
mapped and listed as a rejection under the 35 USC §103(a) Ilnicki in view of
Subramaniam. Additionally, the applicant provided a full response to the correct 
grounds of rejection and as result was not prejudiced by the formatting error. 

The applicant argues that Ilnicki teaches away from the combination of having
multiple levels of security because it is directed towards having a single end to end SSL
connection. See remarks, pp. 8-10. The examiner disagrees; while Ilnicki teaches a
way of providing a secure connection through an intermediate gateway while
maintaining the security of the connection (Col. 2, ll. 46 - 63), having a complete
disclosure of an invention does not prohibit improvements to be made to said teaching
by one of ordinary skill in the art. Ilnicki primarily involves creating two separate
sessions of security involving the gateway device; suggesting that both connections are
SSL connections does not prevent one of ordinary skill from improving portions of Ilnicki's
invention based on secondary teachings.

The applicant argues that the combination of Ilnicki with Subramaniam would
require the gateway to operate differently than originally intended in Ilnicki's
disclosure. The examiner agrees; making use of the secondary teaching of
Subramaniam would require different programming of the gateway disclosed in Ilnicki.
However, such changes to the gateway in Ilnicki do not defeat the combination
because it would be within the scope of one of ordinary skill's ability to change the
operation of the gateway to improve the Ilnicki reference as taught by the secondary
reference and would be motivated to do so based on the motivation offered in the
rejection.

The applicant argues that Subramaniam does not suggest routing security level
of encryption, but instead only uses secure or not secure URL references. See
remarks, pp. 11-12. The examiner disagrees; Subramaniam teaches and is relied upon
to teach secure connections between intermediate servers and the client and server.
Subramaniam does so in Col. 8, ll. 13 - 30. The URL may indicate to the client and
border server which protocol to use, but the connection itself is taught to be either
secure or insecure.

The applicant argues that Subramaniam as combined with Ilnicki would require
the target server to do more processing within the system. See remarks, pp. 12-15. 
The examiner has no opinion of this statement because no limitation in the claim 
requires work be offloaded from the target server and the motivation to combine the 
references does not involve offloading work from the target server. 

The applicant argues that the combination would not teach a first and second
security level of encryption because it only suggests having no secure connection
and continuing that security. See remarks, p. 13. The examiner disagrees, 
Subramaniam teaches a SSL secure connection and a non-secure connection thus 
those two connections require two levels of encryption as required by the claim 
language. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to KEVIN BATES whose telephone number is (571) 272-3980.
The examiner can normally be reached on M-F 8 am - 5 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Rupal Dharia can be reached on (571) 272-3880. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/KEVIN BATES/ 

Primary Examiner, Art Unit 2456 



